CPUG: The Check Point User Group - Application Control Bladehttps://www.cpug.org/forums/
Discussion Threads For The Application Control BladeenThu, 22 Feb 2018 05:11:18 GMTvBulletin60https://www.cpug.org/forums/images/misc/rss.pngCPUG: The Check Point User Group - Application Control Bladehttps://www.cpug.org/forums/
Skypehttps://www.cpug.org/forums/showthread.php/22395-Skype?goto=newpost
Sat, 17 Feb 2018 22:21:28 GMTThe goal is to allow Skype and only Skype (voice, chat and all) (the consumer version). Naive as I am, I thought this would be no problem with our new, bright and shiny firewalls.

So I created an accept rule and specified "Skype" in the application column. Does it work? Nah, of course not. While some initial traffic to Microsoft servers seems to go through, the traffic (peer-to-peer I guess) on random TCP and UDP ports gets denied.

I tried with and without HTTPS inspection, not that it would matter because Skype apparently uses something proprietary anyway.

So how do I make this work and what is this "Skype" application that I can use as an application filter anyway since it's not doing what it should?
]]>Application Control Bladejeronimohttps://www.cpug.org/forums/showthread.php/22395-SkypeURL filtering, is this a joke?https://www.cpug.org/forums/showthread.php/22392-URL-filtering-is-this-a-joke?goto=newpost
Fri, 16 Feb 2018 16:03:29 GMTHey,

Say I simply want to allow access to example.com and all of its subdomains. From what I read in sk106623 this is pure horror:

1) You have to enable regex filtering for a task trivial as this.
2) It makes no sense why \.example\.com would include subdomains. You'd expect that would need to be ".*\.example\.com".
3) In fact I tried and it does include all subdomains but not the base domain, which makes sense...
4) ...and which also makes sk106623 wrong.

Just like on a ProxySG for example, I'd want to put "example.com" there and be done.

We have enabled Application control & URL filtering blade without Https inspection in our environment over 3 months back. Now we are going to enable the Https inspection feature in it. Can someone tell me what is the difference between running the blade with and without https inspection. How exactly Https inspection works with the outgoing traffic and advantages of enabling it.
]]>Application Control Bladeiamramu92https://www.cpug.org/forums/showthread.php/22357-Enabiling-Https-inspection